<? require("core/base.php"); 

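		  	  // Request handler for login.php. It runs before any HTML is sent and leaves a
			  // ready-to-print HTML fragment in $showmsg for the template below.
			  //
			  // Security notes for reviewers:
			  //  - Every value placed in SQL goes through dbstr() (core/base.php, not shown
			  //    here). This code assumes dbstr() both quotes and escapes; confirm.
			  //  - Passwords are stored and compared as unsalted MD5, which is cheap to
			  //    brute-force if the users table leaks. Moving to password_hash() /
			  //    password_verify() needs a stored-hash migration, so it is flagged here
			  //    rather than changed in place.
			  //  - State-changing actions are accepted from $_REQUEST (GET included) and no
			  //    anti-CSRF token is checked. A per-session token, compared in constant
			  //    time, plus a POST-only rule should be added together with the forms.
			  $bd=new bd;
			  $showmsg="";	// always defined, so the template can echo it without a notice
			  
			  // Copy the expected request fields as plain strings. A missing field or an
			  // array-valued one (e.g. pass1[]=x) becomes "" instead of reaching md5()/dbstr().
			  $req=array();
			  foreach (array("action", "oldpass", "newpass1", "newpass2", "machine", "username", "pass", "pass1", "pass2", "realname", "admin", "user", "reset") as $field)
					$req[$field]=(isset($_REQUEST[$field]) && is_string($_REQUEST[$field])) ? $_REQUEST[$field] : "";
			  
			  // Admin actions are authorised from the session flag set at login, never from the request.
			  $isadmin=(isset($_SESSION['admin']) && $_SESSION['admin']==true);
			  
			  if (isset($_SESSION['autenticat']) && $req['action']!=="")
			  {
					switch($req['action'])
					{
						case "logout":
							unset($_SESSION['autenticat']);
							unset($_SESSION['username']);
							unset($_SESSION['admin']);
							$showmsg="<UL><LI>Logout successful</LI></UL>";
							break;
							
						case "chgpass":
							// Re-authenticate with the current password before changing it.
							$sQuery="SELECT COUNT(*) AS res FROM users WHERE username=".dbstr($_SESSION['username'])." AND password=".dbstr(md5($req['oldpass']));
							$bd->query($sQuery);
							$r=$bd->getResultatObj();
							
							if ($r[0]->res==0)
							{
								$showmsg="<UL><LI>Incorrect password</LI></UL>";
								break;
							}
							
							// Strict comparison: with != two numeric-looking strings such as "1e3" and "1000" compare equal.
							if ($req['newpass1']!==$req['newpass2'])
							{
								$showmsg="<UL><LI>Passwords do not match</LI></UL>";
								break;
							}
							
							if ($req['newpass1']==="")
							{
								$showmsg="<UL><LI>Password must not be empty</LI></UL>";
								break;
							}
							
							$sQuery="UPDATE users SET password=".dbstr(md5($req['newpass1']))." WHERE username=".dbstr($_SESSION['username']);
							$bd->query($sQuery);
							$showmsg="<UL><LI>Password changed sucessfully</LI></UL>";
							break;
							
						case "delmachine":
							// The username comes from the session, so a user can only delete their own machines.
							$sQuery="DELETE FROM machines WHERE username=".dbstr($_SESSION['username'])." AND name=".dbstr($req['machine']);
							$bd->query($sQuery);
							$showmsg="<UL><LI>Machine <I>".webstr($req['machine'])."</I> deleted sucessfully</LI></UL>";
							break;
							
						case "newuser":
							if ($isadmin)
							{
								if ($req['pass1']!==$req['pass2'])
								{
									$showmsg="<UL><LI>Passwords do not match</LI></UL>";
									break;
								}
								
								if ($req['pass1']==="")
								{
									$showmsg="<UL><LI>Password must not be empty</LI></UL>";
									break;
								}
								
								// The checkbox is absent from the request when unticked; only the exact value "t" grants admin.
								$t=($req['admin']==="t") ? "t" : "f";
								
								$sQuery="INSERT INTO users(username, password, realname, subscribe_date, admin) VALUES(";
								$sQuery.=dbstr($req['username']).", ".dbstr(md5($req['pass1'])).", ".dbstr($req['realname']).", NOW(), ".dbstr($t).");";
								
								$bd->query($sQuery);
								if ($bd->getErrDescr()=="Ok")
									$showmsg="<UL><LI>User <I>".webstr($req['username'])."</I> added successfully</LI></UL>";
								else
								{
									if (stristr($bd->getErrDescr(), "duplicate"))
										$showmsg="<UL><LI>User <I>".webstr($req['username'])."</I> already exists</LI></UL>";
									else
										$showmsg="<UL><LI>".webstr($bd->getErrDescr())."</LI></UL>";
								}
							}
							else
								$showmsg="<UL><LI>You do not have administrator privileges</LI></UL>";
							break;
							
						case "deluser":
							if ($isadmin)
							{
								$sQuery="DELETE FROM users WHERE username=".dbstr($req['user']);
								$bd->query($sQuery);
								// The form field is "user"; the original message read the unrelated "username" field.
								$showmsg="<UL><LI>User <I>".webstr($req['user'])."</I> deleted successfully</LI></UL>";
							}
							else
								$showmsg="<UL><LI>You do not have administrator privileges</LI></UL>";
							break;
							
						case "setpass":
							if ($isadmin)
							{
								if ($req['pass1']!==$req['pass2'])
								{
									$showmsg="<UL><LI>Passwords do not match</LI></UL>";
									break;
								}
								
								if ($req['pass1']==="")
								{
									$showmsg="<UL><LI>Password must not be empty</LI></UL>";
									break;
								}
								
								$sQuery="UPDATE users SET password=".dbstr(md5($req['pass1']))." WHERE username=".dbstr($req['user']);
								$bd->query($sQuery);
								$showmsg="<UL><LI>Password changed sucessfully</LI></UL>";
							}
							else
								$showmsg="<UL><LI>You do not have administrator privileges</LI></UL>";
							break;
							
						case "resetdb":
							if ($isadmin)
							{
								// Require the exact checkbox value. The old "==0" test treated a missing
								// field as 0 but let any other value through to the destructive branch.
								if ($req['reset']!=="1")
								{
									$showmsg="<UL><LI>Please make sure you check the checkbox if you want to reset the database</LI></UL>";
									break;
								}
								
								$sQuery="BEGIN TRANSACTION;";
								$sQuery.="DELETE FROM machines;";
								$sQuery.="DELETE FROM os;";
								$sQuery.="DELETE FROM cpus;";
								$sQuery.="COMMIT;";
								
								$bd->query($sQuery);
								
								if ($bd->getErrDescr()=="Ok")
									$showmsg="<UL><LI>Database reset successfully</LI></UL>";
								else
								{
									// Read the error text before ROLLBACK replaces it.
									$err=$bd->getErrDescr();
									$bd->query("ROLLBACK;");
									// $err is a string; the original "$err()" tried to call it as a function.
									$showmsg="<UL><LI>".webstr($err)."</LI></UL>";
								}
							}
							else
								$showmsg="<UL><LI>You do not have administrator privileges</LI></UL>";
							break;
							
					}
			  }
			  else if (!isset($_SESSION['autenticat']) && $req['action']==="login")
			  {
					$username=$req['username'];
					$pass=$req['pass'];
					
					$sQuery="SELECT * FROM users WHERE username=".dbstr($username)." AND password=".dbstr(md5($pass));
					$bd->query($sQuery);
					$r=$bd->getResultatObj();
					
					if (count($r)==0)
						$showmsg="<UL><LI>Authentication failed</LI></UL>";
					else
					{
						// Issue a fresh session id at the privilege change so that an id fixed
						// before login cannot be reused afterwards.
						if (session_id()!="")
							session_regenerate_id(true);
						
						$_SESSION['autenticat']=true;
						// Keep the stored username rather than the submitted text; it is reused in later queries and output.
						$_SESSION['username']=$r[0]->username;
						$_SESSION['admin']=($r[0]->admin=="t");
					}
			  }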
		  
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>uptime</title>
<link href="files/main.css" rel="stylesheet" type="text/css">
</head>

<body>
<table width="800" border="0" cellspacing="0" cellpadding="0">
  <tr> 
    <td><a href="index.php"><img src="img/hdr.png" alt="uptime" width="800" height="100" hspace="0" vspace="0" border="0"></a></td>
  </tr>  
  <tr>  
    <td valign="top" class="fons33"><?optionBar();?></td>
  </tr>
  <tr>  
    <td valign="top" class="fons33b">
      <table width="100%" border="0" cellspacing="0" cellpadding="8">
        <tr>
          <td><p><br>
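				<? /* $showmsg is raw HTML built by the handler above, which must escape every dynamic part. It is unset when no action ran, hence the isset() guard. */ echo(isset($showmsg) ? $showmsg : ""); ?>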
              <span class="destacat"><br>
              <br>
			  <?
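			  		// Page heading. The username is passed through webstr(), the helper this file
			  		// already uses for HTML output, so markup in an account name is not emitted as-is.
			  		if (isset($_SESSION['autenticat']))
						echo("<I>".webstr($_SESSION['username'])."</I> user settings");
					else
						echo("Login page");			  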
			  ?>
              </span></p>
            <p><br>
            </p>
			<?
					// Visitors without an authenticated session get the login form; the else
					// branch further down renders the per-user forms instead.
					if (!isset($_SESSION['autenticat']))
					{
			?>
			
<FORM action="login.php" method="post">
			  <table width="244" border="0" cellspacing="1" cellpadding="1">
                <tr> 
                  <td width="65">Username</td>
                  <td width="172"><div align="right">
                      <input name="username" type="text" class="camptext" id="username" size="30">
                    </div></td>
                </tr>
                <tr> 
                  <td>Password</td>
                  <td><div align="right">
                      <input name="pass" type="password" class="camptext" id="pass" size="30">
                    </div></td>
                </tr>
                <tr> 
                  <td colspan="2"> <div align="right">
                      <input name="action" type="hidden" id="action" value="login">
                      <input name="Submit" type="submit" class="boto" value="Log in">
                    </div></td>
                </tr>
              </table>
</FORM>
			
			<?
					}
					else
					{
			?>
					<BR>
            <br>
            <table width="780" border="0" cellspacing="1" cellpadding="0">
              <tr>
                <td width="50%" valign="top">Change password<br> <BR> <FORM action="login.php" method="post">
                    <table width="300" border="0" cellspacing="1" cellpadding="1">
                      <tr> 
                        <td>Old password</td>
                        <td><div align="right"> 
                            <input name="oldpass" type="password" class="camptext" id="oldpass3" size="30">
                          </div></td>
                      </tr>
                      <tr> 
                        <td>New password</td>
                        <td><div align="right"> 
                            <input name="newpass1" type="password" class="camptext" id="newpass13" size="30">
                          </div></td>
                      </tr>
                      <tr> 
                        <td>Repeat new password</td>
                        <td><div align="right"> 
                            <input name="newpass2" type="password" class="camptext" id="newpass23" size="30">
                          </div></td>
                      </tr>
                      <tr> 
                        <td colspan="2"><div align="right"> 
                            <input name="action" type="hidden" id="action" value="chgpass">
                            <input name="Submit2" type="submit" class="boto" value="Change password">
                          </div></td>
                      </tr>
                    </table>
                  </FORM>
			</td>
                <td valign="top">Delete machines<br> <BR> <FORM action="login.php" method="post">
                    <table width="300" border="0" cellspacing="1" cellpadding="1">
                      <tr> 
                        <td>Machine</td>
                        <td><div align="right"> 
                            <select name="machine" class="camptext" id="machine">
							<?
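								// List the logged-in user's machines as <OPTION> entries.
								// Machine names are stored data, so they are escaped before being written
								// into the attribute and the element text.
								// NOTE(review): assumes webstr() escapes double quotes as well as < > & — confirm in core/base.php.
								$sQuery="SELECT name FROM machines WHERE username=".dbstr($_SESSION['username'])." ORDER BY name";
								$bd->query($sQuery);
								$r=$bd->getResultatObj();
								
								foreach ($r as $k => $v)
								{
									$name=webstr($v->name);
									echo("<OPTION value=\"".$name."\">".$name."</OPTION>");
								}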
							
							?>
                            </select>
                          </div></td>
                      </tr>
                      <tr> 
                        <td colspan="2"><div align="right"> 
                            <input name="action" type="hidden" id="action22" value="delmachine">
                            <input name="Submit22" type="submit" class="boto" value="Delete machine" onClick="return (confirm('Are you sure you want to delete this machine?\nAll uptime information will be lost.'));">
                          </div></td>
                      </tr>
                    </table>
                  </FORM>
            </td>
              </tr>
            </table>
            <br>
            <br>
            <BR>
            <BR>
            <BR> <br>
            <?
					}
					
					// Render the admin forms only for an authenticated session flagged as admin.
					// This only hides the UI: the newuser/deluser/setpass/resetdb handlers at the
					// top of this file check $_SESSION['admin'] again before acting.
					if (isset($_SESSION['admin']) && $_SESSION['admin']==true && isset($_SESSION['autenticat']))
					{
			?>
			

			<BR>
			<SPAN class="destacat">Admin options</SPAN><br>

            <br>
            <table width="780" border="0" cellspacing="1" cellpadding="0">
              <tr>
                <td valign="top">New user<br> <BR> <FORM action="login.php" method="post">
                    <table width="300" border="0" cellspacing="1" cellpadding="1">
                      <tr> 
                        <td>username</td>
                        <td><div align="right"> 
                            <input name="username" type="text" class="camptext" id="oldpass3" size="30">
                          </div></td>
                      </tr>
                      <tr> 
                        <td>password</td>
                        <td><div align="right"> 
                            <input name="pass1" type="password" class="camptext" id="newpass13" size="30">
                          </div></td>
                      </tr>
                      <tr> 
                        <td>repeat password</td>
                        <td><div align="right"> 
                            <input name="pass2" type="password" class="camptext" id="newpass23" size="30">
                          </div></td>
                      </tr>
                      <tr> 
                        <td>real name</td>
                        <td><div align="right"> 
                            <input name="realname" type="text" class="camptext" id="newpass23" size="30">
                          </div></td>
                      </tr>
                      <tr> 
                        <td>&nbsp;</td>
                        <td><div align="right"> 
                            <input name="admin" type="checkbox" id="admin" value="t">
                            Admin </div></td>
                      </tr>					  
                      <tr> 
                        <td colspan="2"><div align="right"> 
                            <input name="action" type="hidden" id="action" value="newuser">
                            <input name="Submit2" type="submit" class="boto" value="New user">
                          </div></td>
                      </tr>
                    </table>
                  </FORM>
			</td>
                <td valign="top">Delete users<br> <BR> <FORM action="login.php" method="post">
                    <table width="300" border="0" cellspacing="1" cellpadding="1">
                      <tr> 
                        <td>User</td>
                        <td><div align="right"> 
                            <select name="user" class="camptext" id="user">
							<?
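								// List every account as an <OPTION> for the "Delete users" form.
								// Usernames are stored data, so they are escaped before being written into
								// the attribute and the element text.
								// NOTE(review): assumes webstr() escapes double quotes as well as < > & — confirm in core/base.php.
								$sQuery="SELECT username FROM users ORDER BY username";
								$bd->query($sQuery);
								$r=$bd->getResultatObj();
								
								foreach ($r as $k => $v)
								{
									$uname=webstr($v->username);
									echo("<OPTION value=\"".$uname."\">".$uname."</OPTION>");
								}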
							
							?>
                            </select>
                          </div></td>
                      </tr>
                      <tr> 
                        <td colspan="2"><div align="right"> 
                            <input name="action" type="hidden" id="action22" value="deluser">
                            <input name="Submit22" type="submit" class="boto" value="Delete user" onClick="return (confirm('Are you sure you want to delete this user?\nAll uptime information regarding this user\'s machines will be lost.'));">
                          </div></td>
                      </tr>
                    </table>
                  </FORM>
            </td>
              </tr>
			  
              <tr>
                <td width="50%" valign="top"><br>
                  <br>
                  Set new password<br> <BR> <FORM action="login.php" method="post">
                    <table width="300" border="0" cellspacing="1" cellpadding="1">
                      <tr> 
                        <td>username</td>
                        <td><div align="right"> 
                            <select name="user" class="camptext" id="user">
                              <?
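								// List every account as an <OPTION> for the "Set new password" form.
								// Usernames are stored data, so they are escaped before being written into
								// the attribute and the element text.
								// NOTE(review): assumes webstr() escapes double quotes as well as < > & — confirm in core/base.php.
								$sQuery="SELECT username FROM users ORDER BY username";
								$bd->query($sQuery);
								$r=$bd->getResultatObj();
								
								foreach ($r as $k => $v)
								{
									$uname=webstr($v->username);
									echo("<OPTION value=\"".$uname."\">".$uname."</OPTION>");
								}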
							
							?>
                            </select>
                          </div></td>
                      </tr>
                      <tr> 
                        <td>new password</td>
                        <td><div align="right"> 
                            <input name="pass1" type="password" class="camptext" id="newpass13" size="30">
                          </div></td>
                      </tr>
                      <tr> 
                        <td>repeat password</td>
                        <td><div align="right"> 
                            <input name="pass2" type="password" class="camptext" id="newpass23" size="30">
                          </div></td>
                      </tr>
                      <tr> 
                        <td colspan="2"><div align="right"> 
                            <input name="action" type="hidden" id="action" value="setpass">
                            <input name="Submit2" type="submit" class="boto" value="Set password">
                          </div></td>
                      </tr>
                    </table>
                  </FORM>
			</td>
                <td valign="top"><br>
                  <br>
                  Reset database<br> <BR> <FORM action="login.php" method="post">
                    <table width="300" border="0" cellspacing="1" cellpadding="1">
                      <tr> 
                        <td>Delete all uptime, machine, OS and CPU information.</td>
                        <td><div align="right"> 
                            <input name="reset" type="checkbox" id="reset" value="1">
                            Yes, delete everything but users</div></td>
                      </tr>
                      <tr> 
                        <td colspan="2"><div align="right"> 
                            <input name="action" type="hidden" id="action22" value="resetdb">
                            <input name="Submit22" type="submit" class="boto" value="Reset database" onClick="return (confirm('Are you sure you want to reset the database?'));">
                          </div></td>
                      </tr>
                    </table>
                  </FORM>
            </td>
              </tr>
			  
            </table>			
			
			<?
					}
			?>
            <p><br>
              <br>
              <br>
              <br>
              <br>
              <br>
              <br>
              <br>
              <br>
              <br>
              <br>
              <br>
              <br>
              <br>
              <br>
              <br>
              <br>
              <br>
              <br>
              <br>
              <br>
              <br>
              <br>
              <br>
              <br>
              <br>
              <br>
              <br>
            </p>
	<DIV align="right">
      <a href="http://validator.w3.org/check?uri=referer"><img border="0"
          src="http://www.w3.org/Icons/valid-html401"
          alt="Valid HTML 4.01!" height="31" width="88"></a>
    </DIV>			
            <p>&nbsp;</p></td>
        </tr>
      </table>
      
    </td>
  </tr>
</table>
</body>
</html>
